[cfe-dev] Strange null deref from static analyzer
Morrell, Michael
michael.morrell at intel.com
Wed Oct 9 12:38:03 PDT 2013
[Previously posted to cfe-users with no response, so trying here]
With the following code:
=================================
#include <stdlib.h>
#include <stdint.h>   /* needed for uint16_t */
extern bool x, y, z;
void foo(uint16_t *p)
{
    uint16_t *px = NULL, *py = NULL, *pz = NULL;
    /* each flag claims the next 32-element slot of p */
    if (x) {
        px = p;
        p += 32;
    }
    if (y) {
        py = p;
        p += 32;
    }
    if (z)
        pz = p;
    /* every pointer is NULL-checked before it is written through */
    if (px != NULL)
        px[0] = 0;
    if (py != NULL)
        py[0] = 0;
    if (pz != NULL)
        pz[0] = 0;
}
=================================
Running:
checker-275/libexec/c++-analyzer -c foo.cpp gives:
foo.cpp:25:15: warning: Array access (from variable 'py') results in a null pointer dereference
py[0] = 0;
~~ ^
foo.cpp:27:15: warning: Array access (from variable 'pz') results in a null pointer dereference
pz[0] = 0;
~~ ^
2 warnings generated.
All variables are checked for NULL right before the dereference. It is OK with "px", but not "py" or "pz".
As an aside, running "scan-build c++ -c foo.cpp" says there are no bugs. I don't know why that would be different.
Should I just file a bug for this?
Michael
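An added runtime harness (not part of the original post) that exercises foo() from the message above over the flag combinations and records which 32-element slots of the buffer were written; it confirms the NULL checks hold on every path, which is the triage step one would take before filing the analyzer report as a false positive. The buffer size, the global definitions and the helper names are my own choices.

```cpp
#include <cstdint>
#include <cstddef>

// Globals the analyzed function reads (the post declares them extern).
bool x = false, y = false, z = false;

// The function from the post, reproduced so the harness is self-contained.
void foo(uint16_t *p)
{
    uint16_t *px = NULL, *py = NULL, *pz = NULL;
    if (x) {
        px = p;
        p += 32;
    }
    if (y) {
        py = p;
        p += 32;
    }
    if (z)
        pz = p;
    if (px != NULL)
        px[0] = 0;
    if (py != NULL)
        py[0] = 0;
    if (pz != NULL)
        pz[0] = 0;
}

// Runs foo() with the given flags on a fresh 96-element buffer and returns a bitmask
// of which slots were written: bit 0 = p[0], bit 1 = p[32], bit 2 = p[64].
// A slot is written by whichever of px/py/pz ended up pointing at it.
unsigned written_slots(bool fx, bool fy, bool fz)
{
    uint16_t buf[96];
    for (size_t i = 0; i < 96; ++i) buf[i] = 0xFFFF;  // sentinel: untouched
    x = fx; y = fy; z = fz;
    foo(buf);
    unsigned mask = 0;
    for (unsigned slot = 0; slot < 3; ++slot)
        if (buf[slot * 32] == 0) mask |= 1u << slot;
    return mask;
}

// Exercises all 8 flag combinations; returns how many ran to completion.
int combinations_exercised()
{
    int n = 0;
    for (int m = 0; m < 8; ++m) { written_slots(m & 1, m & 2, m & 4); ++n; }
    return n;
}
```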